L4A 2024S1 Networks and Security.pdf

Full Transcript


IT1153/IT1553/IT1653/IT1853/IT1953
TOPIC 4A NETWORKS AND SECURITY
Infocomm Security SCHOOL OF INFORMATION TECHNOLOGY, NANYANG POLYTECHNIC
Official (Closed) and Non-Sensitive

Learning Outcomes
By the end of this lesson, you will be able to:
- Explain the various types of network attacks
  1. Reconnaissance Attacks
  2. Access Attacks
  3. Denial of Service Attacks
- Describe some of the best practices in network security

Categorizing Network Attacks
There are many different types of network attacks. Generally, one can categorize them into these three major types:
1. Reconnaissance Attacks
2. Access Attacks
3. Denial of Service (DoS) Attacks

1. Reconnaissance Attacks
Reconnaissance is also known as information gathering. It involves the unauthorized discovery and mapping of systems, services, or vulnerabilities, like a thief surveying a neighbourhood for vulnerable homes to break into. It usually precedes (i.e. comes before) an access or DoS attack.

Reconnaissance attacks are used in combination:
1. The intruder begins by conducting a ping sweep of the target network to determine which IP addresses are active.
2. The intruder then determines which services or ports are available on the live IP addresses.
3. From the port information obtained, the intruder queries the ports to determine the type and version of the application and operating system that is running.
4. The intruder then looks for vulnerable services that can be exploited.

Reconnaissance attacks use various tools to gain access to a network:
1. Packet sniffers
2. Ping sweeps
3. Port scans
4. Internet information queries
5. Other low-technology reconnaissance

1.1 Packet Sniffer
A packet sniffer is an application that uses a Network Interface Card (NIC) in promiscuous mode to capture all network packets that are sent across the LAN. If network packets are unencrypted plaintext, they can be captured and understood by any application that can pick them off the network. Numerous freeware and shareware packet sniffers are available, such as Wireshark.

1.2 Ping Sweep
A ping sweep is a basic network scanning technique that scans a range of IP addresses (i.e. hosts) to determine if any hosts are alive. A ping sweep consists of ICMP echo requests sent to multiple hosts; if a host address is alive, it returns an ICMP echo reply.

1.3 Port Scan
Each service on a host is associated with a well-known port number (e.g. HTTP is on port 80). Port scanning is a scan of a range of TCP or UDP port numbers on a host to detect listening services. It consists of sending a message to each port on a host; the response the sender receives indicates whether the port is in use.

1.4 Internet Information Queries
Internet information queries can reveal information such as who owns a particular domain and what IP addresses have been assigned to that domain. The Whois database, the "white pages" of the Internet, stores:
- Technical, administrative, and billing contact names
- Phone numbers and e-mail addresses
- Domain Name Servers

When you register a domain name, your registrar populates a whois database that is available to everyone using the Internet. Examples:
- http://www.internic.com/whois.html
- http://www.allwhois.com
- http://www.networksolutions.com

1.5 Low-technology Reconnaissance
Social Engineering
- Duping someone over the phone to reveal sensitive information
- A clever attacker can easily get passwords
- Social networking websites, e.g. Facebook
Physical Break-in
- Simply walk through the front door
- Piggybacking (connecting to a wireless network or the Internet without the owner's or subscriber's permission or knowledge)
- Get network connectivity, diagrams, etc.
Dumpster Diving
- Favourite trick of hack master Kevin Mitnick
- Also known as "trashing"
- Can be disgusting ... but very rewarding!
- Network diagrams and system documentation
- Post-it notes with passwords

2. Access Attacks
Access attacks encompass a variety of forms of unauthorized access to computer and network resources.
Aims of access attacks:
- Retrieve data
- Gain access
- Escalate access privileges
Types of access attacks:
1. Password attack
2. Trust exploitation
3. Man-in-the-middle attack

2.1 Password Attacks
Password attacks can be implemented using:
- Brute-force attacks (repeated attempts to identify a user ID and password based on a built-in dictionary)
- Trojan horse programs (keyloggers)
- Packet sniffers (capturing unencrypted passwords)
If successful, the attacker has the same access rights as the user whose account was compromised.

2.2 Trust Exploitation
The goal of a trust exploitation attacker is to compromise a trusted host, using it to stage attacks on other hosts in the network.
How it works:
1. Attacker wants to attack System A
   - System A only trusts System B
   - System B trusts everyone
2. Attacker compromises System B first
3. Attacker creates a "System A user" in System B
4. Attacker attacks System B via System A

2.3 Man-in-the-middle Attack
The attacker is positioned in the middle of communications between two machines in order to read or modify the data that passes between the two hosts. A popular man-in-the-middle attack involves a laptop acting as a rogue access point; often the user is in a public location on a wireless hotspot.

A man-in-the-middle attack can be active or passive:
- Active attacks intercept and alter the contents before they are sent on to the recipient.
- Passive attacks capture and record the contents and pass them on.

3. Denial of Service (DoS) Attacks
A DoS attack is an attack on availability: a network attack that results in some sort of interruption of service to users, devices, or applications. Victim resources (e.g. websites) become unavailable for legitimate public access.

DoS attacks are major risks because:
- They can easily disrupt business processes and cause significant loss
- These attacks are relatively simple to conduct, even by an unskilled attacker

Example: SYN Flooding DoS Attack
- Attacker sends a flood of SYN segments
- Victim sets aside resources for each SYN request
- Victim crashes or becomes too overloaded to respond to the SYNs from legitimate users
[Figure: TCP SYN attack, showing a stream of SYN segments arriving at host B and consuming its resources]
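A defender's view of the reconnaissance steps (ping sweep, port scan) and the SYN flood described above: an added Python example, not from the lecture slides, that runs simple detection logic over a constructed packet log. The log format, the addresses and the alert thresholds are assumptions made for this example.

```python
"""Flag ping sweeps, port scans and SYN floods in a simplified packet log.
Added example, not from the slides; log format and thresholds are assumptions."""
from collections import defaultdict

SWEEP_HOSTS = 5       # distinct hosts sent ICMP echo by one source
SCAN_PORTS = 10       # distinct TCP ports probed on one host by one source
FLOOD_HALF_OPEN = 50  # SYNs to one destination never completed by an ACK

def parse_log(lines):
    """Parse constructed 'time src dst proto dport flags' lines into dicts."""
    recs = []
    for line in lines:
        t, src, dst, proto, dport, flags = line.split()
        recs.append({"time": float(t), "src": src, "dst": dst,
                     "proto": proto, "dport": int(dport), "flags": flags})
    return recs

def detect(recs):
    """Return (kind, subject, count) alerts for the three attack patterns."""
    pinged = defaultdict(set)     # src -> hosts that received an ICMP echo
    probed = defaultdict(set)     # (src, dst) -> TCP ports touched
    half_open = defaultdict(int)  # dst -> SYNs received minus handshake ACKs
    for r in recs:
        if r["proto"] == "icmp" and r["flags"] == "echo":
            pinged[r["src"]].add(r["dst"])
        elif r["proto"] == "tcp":
            probed[(r["src"], r["dst"])].add(r["dport"])
            if r["flags"] == "S":     # new SYN: victim reserves connection state
                half_open[r["dst"]] += 1
            elif r["flags"] == "A":   # handshake completed: state released
                half_open[r["dst"]] -= 1
    alerts = [("ping_sweep", s, len(h)) for s, h in pinged.items()
              if len(h) >= SWEEP_HOSTS]
    alerts += [("port_scan", f"{s}->{d}", len(p)) for (s, d), p in probed.items()
               if len(p) >= SCAN_PORTS]
    alerts += [("syn_flood", d, n) for d, n in half_open.items()
               if n >= FLOOD_HALF_OPEN]
    return alerts

def constructed_log():
    """Constructed traffic: legit handshake, 8-host ping sweep, 15-port scan, 60 dangling SYNs."""
    lines = ["0.0 10.0.0.7 10.0.1.10 tcp 443 S", "0.1 10.0.0.7 10.0.1.10 tcp 443 A"]
    lines += [f"1.{i} 10.0.0.5 10.0.1.{i} icmp 0 echo" for i in range(1, 9)]
    lines += [f"2.{p} 10.0.0.5 10.0.1.3 tcp {p} S" for p in range(20, 35)]
    lines += [f"3.{n} 203.0.113.9 10.0.1.10 tcp 80 S" for n in range(60)]
    return lines

if __name__ == "__main__":
    for alert in detect(parse_log(constructed_log())):
        print(alert)   # three alerts: ping_sweep, port_scan, syn_flood
```

The legitimate 10.0.0.7 handshake nets out to zero half-open connections, so only the 60 unanswered SYNs from 203.0.113.9 trip the flood threshold; a real deployment would age out entries over time rather than count forever.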
3.3 Distributed Denial-of-Service
Distributed Denial of Service (DDoS) Attack
- Unlike DoS attacks, DDoS attacks originate from multiple coordinated sources
- A DDoS attack presents a challenge to the victim, who must identify and stop each distributed attacker
Symptoms of DoS attacks include:
- Dramatic increase in requests for a particular service
- Unusually slow network performance
- Unavailability of a particular web site

How it works:
1. The hacker distributes zombie software to numerous machines via the Internet
2. The hacker initiates the attack by sending an attack command containing the victim's IP address, using remote-control attack software
3. Upon receiving the attack command, all zombies flood the victim with attack packets
4. Some machines act as handlers to forward attack commands to other zombies
[Figure: DDoS structure, with the attack command passing from masters to handlers to zombies, and attack packets flowing from the zombies to the victim]

Best Practices in Network Security
1. Keep patches up to date by installing them weekly or daily, if possible
2. Shut down unnecessary or unused ports and services
3. Use strong passwords and change them often
4. Control physical access to systems
5. Perform regular backups and test the backed-up files
6. Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person
7. Encrypt and password-protect sensitive data
8. Deploy security devices such as firewalls, intrusion detection systems, virtual private networks, anti-virus software, etc.
9. Develop a security policy for the company
